Version 2 of cryptsetup got a few new fancy options, one of them is the ability to use Argon2 as key derivation function. Creating a LUKS2 volume with Argon2 as hash function is very easy: sudo cryptsetup luksFormat -M luks2 --pbkdf argon2id -i 5000 /dev/sdb Please note that grub still does not support it, so it can’t be used for boot drives. Once the volume is created, to mount it run: …

At a first glance enabling TRIM on a luks encrypted volume looks quite easy, and, as a matter of a fact it is. The shitstorm starts when trying to enable TRIM on the root volume, but, let’s go one step at a time. First of all, enabling trim on a regular not encrypted volume is pretty easy; just open the file <em>/etc/fstab</em> and add the flag <em>discard</em>. You may also want to add the flag <em>noatime</em> to prevent the OS from writing additional informations regarding last access date and such, it’s not strictly necessary but it will save the SSD’s cells some useless write operations. …